Description

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.

Status: Published | Reserved 2025-12-19 | Published 2025-12-22 | Updated 2025-12-22 | Assigner: VulnCheck

Severity

CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

Missing Authentication for Critical Function

Product status

- affected

Credits

LiquidWorm (Gjoko Krstic) of Zero Science Lab, finder

References

- www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php (exploit)
- www.exploit-db.com/exploits/51457 (ExploitDB-51457) (exploit)
- www.dbbroadcast.com (DB Elettronica Telecomunicazioni Official Website) (product)
- www.dbbroadcast.com/...cts/radio/sft-dab-series-compact-air/ (SFT DAB Series Product Page) (product)
- www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php (Zero Science Lab Disclosure (ZSL-2022-5773)) (third-party-advisory)
- www.vulncheck.com/...are-authentication-bypass-erase-account (VulnCheck Advisory: Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Erase Account) (third-party-advisory)
- cve.org (CVE-2023-53968)
- nvd.nist.gov (CVE-2023-53968)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.